| Title | ajayrandhawa/User-Management-PHP-MYSQL web 1 File Upload Vulnerability |
|---|---|
| Description | This project has two file upload vulnerabilities. After downloading the project to your local machine and setting it up successfully, log in to the administrator account using the initial username and password. You can upload files in the user management interface. The front-end JavaScript validation only checks the file extension, and is limited to JPG/JPEG formats. However, the server-side does not perform adequate validation, nor does it verify the file type or content. Additionally, the file is not renamed to a random name. Therefore, this file upload vulnerability exists. |
| Source | ⚠️ https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx |
| User | lianhaorui (UID 91045) |
| Submission | 10/11/2025 05:54 (8 months ago) |
| Moderation | 10/25/2025 08:25 (14 days later) |
| Status | Accepted |
| VulDB entry | 329871 [ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1 User Management Interface /admin/edit-user.php image unrestricted upload] |
| Points | 20 |
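
The three gaps named in the description (no server-side type check, no content check, no random rename) can be closed in the upload handler itself; the sketch below is an added example, not code from the project or from the report. The form field name `image`, the `uploads` directory and the 2 MiB limit are assumptions.

```php
<?php
// Added example: server-side handling of a JPEG-only upload.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // assumed size limit

/** Check the file content and return a server-chosen name, or throw. */
function validate_jpeg_upload(string $tmpPath): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Type is detected from the bytes, never from the client-supplied
    // file name or Content-Type header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== 'image/jpeg') {
        throw new RuntimeException('not a JPEG');
    }
    // The header must also parse as a JPEG image.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        throw new RuntimeException('image header does not parse');
    }
    // Random name with a fixed extension: the original name is discarded,
    // so the stored file can never end in .php even if extra bytes were
    // appended to otherwise valid image data.
    return bin2hex(random_bytes(16)) . '.jpg';
}

/** Validate one $_FILES entry and move it into $destDir. */
function store_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $name = validate_jpeg_upload($file['tmp_name']);
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Request handler; 'image' and the uploads path are assumed names.
if (PHP_SAPI !== 'cli' && isset($_FILES['image'])) {
    try {
        echo store_upload($_FILES['image'], __DIR__ . '/uploads');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

The content checks alone do not stop a valid JPEG that carries appended data, so the upload directory should also be configured so the web server never executes scripts from it.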